I’ve just bought and set up a new Netgear N300 (WNR2200) Wireless Router to replace a six-year-old malfunctioning Linksys BEFSR41. On the set-up sheet Netgear say:

"This product has a unique Wi-Fi network name (SSID) and network key (password). The default SSID and network key (password) are uniquely generated for every device (like a serial number), to protect and maximize your wireless security. This information is located on the label on the bottom of the product.

NETGEAR recommends that you do not change the preset Wi-Fi network name (SSID) and network key (password). If you do change the settings, the information on the bottom of the product does not apply."

What do you think about this? Bearing in mind they are stated to be unique, is it OK to leave the SSID and password as they are or would you change them?

Sounds like round objects to me. The SSID can be found out by scanning for it even, I am given to understand, if you keep your network hidden. The password might well be unique, but I'm sure you could think up a unique password as well, however it might well be more secure than one dreamt up by those who prefer their dog's name or their children's birthdays.

Actually, you might say their idea is less secure, as anyone who has access to your house can, if they know where to look, find out your SSID and password.

I have never bothered to hide my SSID for the precise reason you mention - that anyone who knows how can easily discover it by scanning - so there's not much point doing so.

However, I must say I find it slightly bizarre that a password for a device should be displayed on the bottom of that device. In actual fact, in the Netgear's case, once you have attached it to the supplied stand it is then in a vertical position and the password is no longer on the bottom any more but on the side and thus even more visible!

I think this has been done because of the vast numbers of routers out there with the default username, SSID and password.
Many people can't be bothered to change them.

At least this way, each unit has a unique SSID and password.
(I have seen some of these, and the SSID or password is often the serial number, one in France had an 18 digit password).
If you do change them, they can probably be reset.

The sig between the asterisks is so cool that only REALLY COOL people can even see it!

wyliecoyoteuk wrote:I think this has been done because of the vast numbers of routers out there with the default username, SSID and password.Many people can't be bothered to change them.

At least this way, each unit has a unique SSID and password.(I have seen some of these, and the SSID or password is often the serial number, one in France had an 18 digit password).If you do change them, they can probably be reset.

Indeed. Had recent experience with this, using any browser (you need to find the address of your router, this may be default or unique to your ISP, as in our case) it is a reasonably simple matter to access and change these details.

One possible reason to change SSID is that, at least in our part of Oz, there are a number of other users with a "Bigpond" ISP-assigned SSID which can be somewhat confusing, particularly when the kids are wanting to use their school laptops on the home network.

Similarly, I would want to reassign the password to something that is NOT displayed on the router for any casual visitor to see...

"If you change the SSID and/or password then we will not be able to monitor your device under our support guarantee and fix any problems we detect (e.g. firewall configuration), to ensure that it remains functional and secure."

Not happened yet AFAIK but I see that one coming.

"Klinger, do you know how many zoots were killed to make that one suit?" — BJ Hunnicutt, 4077 M*A*S*H

GregS wrote:Similarly, I would want to reassign the password to something that is NOT displayed on the router for any casual visitor to see...

Couldn't agree more!

My previous router, the Linksys, was not wireless enabled but about four years ago I decided to add a wireless access point. Knowing virtually nothing about wireless I read up on it and discovered that it was best to have a fairly long password, not using any dictionary words but a mixture of numbers and letters, upper and lower case. So I followed that advice and created a 15 character password, which (again I had read this was a good idea) I changed from time to time.

On my new Netgear router, I am not convinced myself that their “uniquely generated” password is particularly well chosen and I do really wonder whether it is in fact “unique” or whether, say, it might be found on another Netgear router or, if not the exact same password, something very similar. I am undecided at the moment whether to change it or not.

I am now trying to find out about WPS which I do not want to use but have not so far found any way to disable. From what little I have read I believe there may be security risks with WPS? The user guide says you can turn it off by pressing the WPS button on the front of the router but all that happens when I do that is the light flashes for a bit and then stays on. It seems to be linked to the wireless on or off button next to it. If I turn the wireless button off, the WPS light goes out and stays out. If I turn the wireless button on, the WPS light also turns on. The WPS button does not appear to work independently of the wireless button as far as I can see.

all BT home homehub3s have the router id and the ssid on an easily removable little tab so that you don't have to worry about such things and they also supply two stickers with the same info in case you want to pass that around too

Marrea wrote:I am now trying to find out about WPS which I do not want to use but have not so far found any way to disable. From what little I have read I believe there may be security risks with WPS? The user guide says you can turn it off by pressing the WPS button on the front of the router but all that happens when I do that is the light flashes for a bit and then stays on. It seems to be linked to the wireless on or off button next to it. If I turn the wireless button off, the WPS light goes out and stays out. If I turn the wireless button on, the WPS light also turns on. The WPS button does not appear to work independently of the wireless button as far as I can see.

Paranoia or what.

So far as I can see, justified paranoia. There have been a number of reports of serious security problems with WPS. For instance, see the below:

Those are only a few of the reports. Enough to make me disable WPS on my current (horrible, awful) Technicolor 582n router. And enough for the author of the replacement firmware for my soon to be deployed Ausus RT-N56U router to remove WPS completely.

and have accordingly disabled the PIN in the router's GUI as described in that article. However, the WPS button on the front of the router will still not turn off (ie the green light refuses to disappear) so I shall just have to keep my fingers crossed that what Netgear say about only the router PIN method being vulnerable to brute force attack is correct.

I contacted Netgear via their support site to tell them that I had disabled the router’s PIN but should welcome clarification about how to turn off WPS completely, as I had found it impossible to do this by pressing the WPS button on the front of the unit although the User Guide implies I should able to do this. They have replied as follows:

"I have reviewed your case and I understand that you need assistance in disabling the WPS function of the router.

For your query about the WPS function:

The WPS will be enabled automatically if the security is set to WPA, thus disabled when using WEP (54 Mbps). The Push Button will still work even though you have disabled the PIN on the settings. Only the use of the PIN will be disabled."

So - assuming I have read this correctly - if I have security set to WPA (which I have) I am stuck with having WPS enabled; and the only way I can turn WPS off completely is by setting the security to WEP, which will allow any determined hacker to break in within 60 seconds.

"I am aware that you would like to confirm if changing the security into WEP is the only way to completely disable the WPS function of your NETGEAR WNR2200.

In response to your inquiry - yes, as of now, the only way to completely disable WPS is by changing the security into WEP. We have taken note of your comments though and we will try to come up with a firmware that will enable users to completely disable WPS."

I am pleasantly surprised that they have taken my comments on board and offered to try and do something about the situation. I shall wait and see what happens.